diff --git a/Makefile b/Makefile
index 537da37..5803e41 100644
--- a/Makefile
+++ b/Makefile
@@ -1,9 +1,10 @@
 GCC_BIN=`xcrun --sdk iphoneos --find gcc`
 GCC_UNIVERSAL=$(GCC_BASE) -arch armv7 -arch armv7s -arch arm64
 SDK=`xcrun --sdk iphoneos --show-sdk-path`
+SDK_PLATFORM=`xcrun --sdk iphoneos --show-sdk-platform-path`
 CFLAGS =
-GCC_BASE = $(GCC_BIN) -Os $(CFLAGS) -Wimplicit -isysroot $(SDK) -F$(SDK)/System/Library/Frameworks -F$(SDK)/System/Library/PrivateFrameworks
+GCC_BASE = $(GCC_BIN) -Os $(CFLAGS) -Wimplicit -isysroot $(SDK) -F$(SDK)/System/Library/Frameworks -F$(SDK_PLATFORM)/Developer/Library/PrivateFrameworks
 all: dumpdecrypted.dylib
diff --git a/README b/README
index 8000eb3..8a824e6 100644
--- a/README
+++ b/README
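Review bot: In the Makefile hunk, the new `SDK_PLATFORM` is a backtick string that only the recipe shell evaluates, so if `xcrun` fails or the iphoneos platform is not installed it expands to nothing and the flag silently becomes `-F/Developer/Library/PrivateFrameworks`, a path at the host root. Resolving it once at parse time and failing loudly would be safer: `SDK_PLATFORM := $(shell xcrun --sdk iphoneos --show-sdk-platform-path)` followed by `$(if $(strip $(SDK_PLATFORM)),,$(error xcrun did not return an iphoneos platform path))`. The value is also unquoted, so an Xcode install path containing a space would split the `-F` argument; `-F"$(SDK_PLATFORM)/Developer/Library/PrivateFrameworks"` avoids that. The same applies to the existing `GCC_BIN` and `SDK` lines, and because the old `-F$(SDK)/System/Library/PrivateFrameworks` entry is replaced rather than kept alongside the new one, builds against SDKs that still ship private frameworks there would presumably lose that search path.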
@@ -11,20 +11,20 @@ And then just: make Usage: -iPod:~ root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan +iPod:~ root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Containers/Bundle/Application/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan mach-o decryption dumper DISCLAIMER: This tool is only meant for security research purposes, not for application crackers. [+] Found encrypted data at address 00002000 of length 1826816 bytes - type 1. -[+] Opening /private/var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan for reading. +[+] Opening /private/var/mobile/Containers/Bundle/Application/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan for reading. [+] Reading header [+] Detecting header type [+] Executable is a FAT image - searching for right architecture [+] Correct arch is at offset 2408224 in the file [+] Opening Scan.decrypted for writing. [-] Failed opening. Most probably a sandbox issue. Trying something different. -[+] Opening /private/var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/tmp/Scan.decrypted for writing. +[+] Opening /private/var/mobile/Containers/Bundle/Application/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/tmp/Scan.decrypted for writing. [+] Copying the not encrypted start of the file [+] Dumping the decrypted data into the file [+] Copying the not encrypted remainder of the file diff --git a/dumpdecrypted.c b/dumpdecrypted.c index 3313be2..0e821e0 100644 --- a/dumpdecrypted.c +++ b/dumpdecrypted.c 
@@ -3,20 +3,20 @@ Dumps decrypted iPhone Applications to a file - better solution than those GDB scripts for non working GDB versions (C) Copyright 2011-2014 Stefan Esser -iPod:~ root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan +iPod:~ root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Containers/Bundle/Application/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan mach-o decryption dumper DISCLAIMER: This tool is only meant for security research purposes, not for application crackers. [+] Found encrypted data at address 00002000 of length 1826816 bytes - type 1. -[+] Opening /private/var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan for reading. +[+] Opening /private/var/mobile/Containers/Bundle/Application/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan for reading. [+] Reading header [+] Detecting header type [+] Executable is a FAT image - searching for right architecture [+] Correct arch is at offset 2408224 in the file [+] Opening Scan.decrypted for writing. [-] Failed opening. Most probably a sandbox issue. Trying something different. -[+] Opening /private/var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/tmp/Scan.decrypted for writing. +[+] Opening /private/var/mobile/Containers/Bundle/Application/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/tmp/Scan.decrypted for writing. [+] Copying the not encrypted start of the file [+] Dumping the decrypted data into the file [+] Copying the not encrypted remainder of the file